aMule Forum

English => en_Bugs => Topic started by: GilesBathgate on May 20, 2009, 02:46:56 PM

Title: TCP Treason
Post by: GilesBathgate on May 20, 2009, 02:46:56 PM

I have noticed lots of lines like this in my system log.

Code: [Select]

[330896.844059] TCP: Treason uncloaked! Peer 217.235.66.247:37253/39253 shrinks window 199201847:199203878. Repaired.
[330905.932056] TCP: Treason uncloaked! Peer 217.235.66.247:37253/39253 shrinks window 199201847:199203878. Repaired.
[330924.108063] TCP: Treason uncloaked! Peer 217.235.66.247:37253/39253 shrinks window 199201847:199203878. Repaired.

It only occours whilst running amule.

I am currently using amule (2.2.4)

What is it? Is it normal? Is it a bug?

I don't like it so I wrote this script that generates ipfilter.dat based on messages found in kern.log

Code: [Select]

#!/bin/sh

grep "reason" /var/log/kern.log | sed "s/.*Peer \(.*\):.*shrinks window.*:.*/\1/" | sort -n | uniq | while read line
do
echo "$line - $line, 000, \"TCP Treason\""
done


Title: Re: TCP Treason
Post by: gav616 on May 20, 2009, 03:26:56 PM

sorry but, don't they have google were you come from? first result!!

as for the script, you could place all the IP's that needed to be repaired into amules 'ipfilter_static.dat'

but why make a ban script if you don't even know what the outputs are ?
so i've come to the conclusion that you do actually know, but just what to promote a ban script.

Title: Re: TCP Treason
Post by: Kry on May 20, 2009, 06:02:37 PM

This is good reading:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2ad41065d9fe518759b695fc2640cf9c07261dd2

But yeah, some googling before asking kernel questions here would be a good idea.

Title: Re: TCP Treason
Post by: gav616 on May 20, 2009, 09:08:07 PM

i think its a good idea adding such a cron script to add Treason IP's to 'ipfilter_static.dat'

Title: Re: TCP Treason
Post by: Kry on May 20, 2009, 09:59:14 PM

You can't be serious.

Title: Re: TCP Treason
Post by: GilesBathgate on May 21, 2009, 04:26:41 PM

Yes we do have google as a matter of fact, and yes I did google this before blindly posting to the forum.

However I can see how you might have thought that I hadn't even bothered to look since i didn't metntion in my original post that:


While I understand how those messages can appear in my kernel log, I was actually interested in how they related to usage of amule specifically.

Is it because:

1) Amule/emule clients typically reduce their window size as a part of normal bandwidth throttling operations.
2) These are spurious packets sent by evil-doers scanning ports on any computer.
3) Something else.

I also searched through the forum to see if anyone else had asked about this, and thought this thread could be a good place to dispell any myths for future users with similar confusion.

Quote from: Kry on May 20, 2009, 06:02:37 PM

This is good reading:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2ad41065d9fe518759b695fc2640cf9c07261dd2

But yeah, some googling before asking kernel questions here would be a good idea.

I believe this bug was fixed in 2.6.14. I am  running  on 2.6.26

Title: Re: TCP Treason
Post by: gav616 on May 21, 2009, 06:03:05 PM

Quote from: Kry on May 20, 2009, 09:59:14 PM

You can't be serious.

;)

@GilesBathgate

ah